Google are still failing to keep even their flagship google.com domain secure from Cross Site Scripting attacks; another flaw allows arbitrary code insertion into google.com.
See Google's new pay search service (not really, of course, just my credit card form!).
The flaw appears to be in failing to clean the characters in a book result search. It's a trivial flaw that every Google employee should know about, yet the same class of flaws keeps getting produced. Google developers and Google testers would appear to be uninterested in security, not even bothering to test for flaws that they've found before.

This entry was posted on Mon Apr 10 00:01:57 UTC+0100 2006 and is filed under Security, Script.